War-Dialing Techniques | Scanning

War dialing is the process of dialing modem numbers to find an open modem connection that provides remote access to a network, from which an attack can be launched against the target system. The term war dialing originates from the early days of the Internet, when most companies were connected to the Internet via dial-up modem connections. War dialing is included as a scanning method because it finds another network connection that may have weaker security than the main Internet connection. Many organizations set up remote-access modems that are now antiquated but never removed those remote-access servers. This gives hackers an easy way into the network with much weaker security mechanisms. For example, many remote-access systems use the Password Authentication Protocol (PAP), which sends passwords in cleartext, rather than newer virtual private networking (VPN) technology that encrypts passwords.

War-dialing tools work on the premise that companies don't control the dial-in ports as strictly as the firewall, and machines with modems attached are present everywhere even if those modems are no longer in use. Many servers still have modems with phone lines connected as a backup in case the primary Internet connection fails. These available modem connections can be used by a war-dialing program to gain remote access to the system and internal network.

Real World Scenario: Using a Forgotten Modem Connection for War Dialing

I was performing a network security audit for a financial services firm a few years ago. They asked me to do a walkthrough of the site for the purposes of a physical security audit. As I was passing one of the desks in the marketing department, I noticed a phone line coming out from around the desk and connecting to a wall jack. I asked about the use of modems as I was trying to ascertain the reason for the phone line cable. I was told that they used to use dial-up on some of the computers for Internet access but that two years ago they switched to a high-speed T1 connection for the entire office. As we explored further, it was revealed that the employee who used that computer still used AOL on the dial-up connection to check her personal email account. Quite surprising to everyone, when the new Internet connection was installed, no one ever checked to ensure all the dial-up connections were removed. Here is a prime example of why war dialing still works in some cases.

Hacking Tools

THC-Scan, PhoneSweep, and TeleSweep are tools that identify phone numbers and can dial a target to make a connection with a computer modem. These tools generally work by using a predetermined list of common usernames and passwords in an attempt to gain access to the system. Most remote-access dial-in connections aren't secured with a password or use very rudimentary security.
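From the defender's side, a sweep by tools like these appears in PBX or carrier call records as one caller placing many short calls to different numbers, with a longer call where something answered and held the line. The following is an added example, not from the original text: the call-record column layout, the thresholds and the sample records (fictional 555-01xx numbers) are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records; the column layout is an assumption.
SAMPLE_CDR = """\
start,caller,dialed,duration_s
2024-03-02T01:10:05,2025550199,5550100,4
2024-03-02T01:10:40,2025550199,5550101,5
2024-03-02T01:11:15,2025550199,5550102,3
2024-03-02T01:11:50,2025550199,5550103,6
2024-03-02T01:12:30,2025550199,5550104,95
2024-03-02T01:14:20,2025550199,5550105,4
2024-03-02T01:14:55,2025550199,5550106,5
2024-03-02T09:02:00,2025550142,5550101,310
2024-03-02T09:40:00,2025550142,5550101,125
2024-03-02T10:00:00,2025550177,5550102,8
2024-03-02T10:05:00,2025550177,5550103,12
2024-03-02T10:09:00,2025550177,5550100,15
"""

def find_sweeps(cdr_text, window=timedelta(minutes=30), min_numbers=5, short_s=20):
    """Flag callers that placed short calls to >= min_numbers distinct numbers
    inside one time window. 'held' lists numbers where the same caller stayed
    connected longer: lines to inspect for an answering modem."""
    by_caller = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        by_caller[row["caller"]].append(
            (datetime.fromisoformat(row["start"]), row["dialed"], int(row["duration_s"])))
    report = {}
    for caller, events in by_caller.items():
        events.sort()
        short = [(t, n) for t, n, d in events if d <= short_s]
        lo, swept = 0, set()
        for hi in range(len(short)):            # sliding window over short calls
            while short[hi][0] - short[lo][0] > window:
                lo += 1
            distinct = {n for _, n in short[lo:hi + 1]}
            if len(distinct) >= min_numbers:
                swept |= distinct
        if swept:
            held = sorted({n for _, n, d in events if d > short_s})
            report[caller] = {"swept": sorted(swept), "held": held}
    return report

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_CDR))
```

Numbers reported under `held` are the ones to trace to a physical line and either disconnect or bring under the same access controls as the main Internet connection.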